Argon2id usage

[vault-thirteen]

Hello.

I am trying to understand how can I use this library to create a key using the Argon2id algorithm with custom settings. Do I need the sodium._crypto_pwhash function for this ? If yes, then where is the documentation for this function ?

I can see some pieces of words in the JavaScript file, but it is not clear what all this means: ,B._crypto_pwhash=(A,I,g,C,a,e,_,t,r,o,i)=>(B._crypto_pwhash=T.cf)(A,I,g,C,a,e,_,t,r,o,i),

I know that the library was originally written in C language, which uses different approach from JavaScript and documentation for the library written in C language differs from JavaScript variant.

It would be great if you could show where do I put such arguments as password, salt, keySize, memory, numberOfIterations.

I have the following code on my server side, which is written in Golang, and I want to do the same in this JavaScript port of C. key = argon2.IDKey(pwd, salt, Argon2Iterations, Argon2Memory, Argon2Threads, Argon2KeyLength)

The documentation of the C variant located at https://doc.libsodium.org/password_hashing/default_phf has 8 arguments:

if (
        crypto_pwhash
        (
            key, 
            sizeof key, 
            PASSWORD, 
            strlen(PASSWORD), 
            salt,
            crypto_pwhash_OPSLIMIT_INTERACTIVE, 
            crypto_pwhash_MEMLIMIT_INTERACTIVE,
            crypto_pwhash_ALG_DEFAULT
        ) != 0
) 
{
    /* out of memory */
}

The piece of JS abrakadabra has 10 arguments:

B._crypto_pwhash=
(
A,
I,
g,
C,
a,
e,
_,
t,
r,
o,
i
)

8 <> 10, so I assume that simple analogy does not work here.

Thank you.

[vault-thirteen]

P. S.

The ReadMe file of the repository has no mention of documentation and I see no documentation files for the JS library in repository. It would be good to have documentation of the JS library, otherwise it is not clear how to use all this abrakadabra minified code. Looking forward to your reply.

[jedisct1]

Minified code is not meant to be human-readable, or even deterministic 😊

The README file says:

The API exposed by the wrappers is identical to the one of the C library, except that buffer lengths never need to be explicitly given.

Searching for crypto_pwhash in the issue titles returns example such as:

sodium.crypto_pwhash(32, password, "0000000000000000",
    sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE, 
    sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
    sodium.crypto_pwhash_ALG_DEFAULT)

If you specifically need Argon2id, replace crypto_pwhash_ALG_DEFAULT accordingly.

For web browsers, you may have to keep memory limits low.

[vault-thirteen]

I will try this. Thank you!

[vault-thirteen]

If I delete the underline in sodium._crypto_pwhash(), I have following code sodium.crypto_pwhash() and my IDE says Unresolved function or method crypto_pwhash(). I tried a standard js file and the 'sumo' edition. What am I doing wrong ?

[vault-thirteen]

It looks like this JS library is creating itself in runtime and my IDE sees only the code which is creating the library but not the library itself, so it says that this function does not exist. Is there any way to get the JS code which has explicit definitions of public functions so that my IDE is able to see it ?

[vault-thirteen]

It looks like have found a way. I need to develop my JS code inside a web browser, not inside the IDE ! Web browser's console shows that sodium.crypto_pwhash() is public and visible. Oh My God !.. https://joyreactor.cc/post/196586

[vault-thirteen]

One problem is still actual. How and where do I get the signature of the crypto_pwhash function ?

My web browser shows only function names in console, it does not show function signatures.

[jedisct1]

You can look at the JSON files here: https://github.com/jedisct1/libsodium.js/tree/master/wrapper/symbols

But really, it's the same as the underlying library, without array lengths having to be explicitly passed as an argument. Pretty much identical to the PHP bindings.

[vault-thirteen]

Thank you.